The cleaned/updated SPI image (outimage.bin) is proper, you did everything correctly. So either something went wrong during flashing or there's some security measure in place. Since Intel BootGuard was not a thing at Bay Trail systems, I don't think it could be something else. Did the flashing complete properly?

Have you tried removing all power from the machine (AC + Battery) for a few minutes (press the power button a few times while the system is off)? If that does not help, try removing and re-inserting the memory modules (make sure you put them back correctly) in case the problem is bad BIOS cache.

Flashing did not show any problems at all and everything you mentioned to solve the problem I already did. Except removing the memory modules because they are also soldered to the motherboard. Even the CMOS battery is soldered but at least not so well, so I was able to remove it. The system was without any source of power for nearly half an hour and that didn't help either. So I'm also convinced, that there must be some sort of (hardware?) security measure. Anyway, thanks for the assurance that I didn't do something wrong (except of trying to change the firmware in the first place). At least I can stop doubting myself and enjoy the christmas holidays.

It's a shame that the machine no longer boots. No matter what, I wish you a Merry Christmas and happy new year as well a-dead-trousers. Personally I don't believe that your original though to update it was misguided but I suppose you're unlucky and stumbled upon some sort of Lenovo security measure or flashing mishap. For now you should definitely enjoy the holidays but if you manage to resolve the issue and possibly figure out what went wrong, please let us know so that the same thing won't hopefully happen to other people in the future.

There aren't any in this thread because Intel no longer has a FWUpdate tool for CSTXE-based Atom platforms (APL, GLK). The official update methods are either via OEM BIOS updates (Capsule) or when the system is in Download & Execute (DNX) mode. Another issue is that CSTXE is usually partially signed by the OEM and their RSA Public Key + Exponent hash is stored in the SoC (hardware, FPF). So, on such images, you cannot update the CSTXE firmware without the OEM Private RSA Key without the platform rejecting your new image. This is what I've understood but someone can correct me if I'm wrong.